Bluetooth 5: 2x the speed + 4x the range = 8x the security risk

The new Bluetooth 5 specification has just been released and, with apologies to Daft Punk, it’s going to be better, faster, stronger.

With twice the speed (throughput of 2Mbps) and four times the range (theoretically 300+ meters), Bluetooth 5 is a significant improvement from V4.2 and will become the connectivity heart of many new devices, especially the ones that will drive the Internet of Things.

But as with any new technology, there is always a dark side, and with Bluetooth 5, the dark side equation can be written as: 2x the speed + 4x the range = 8x the security risk.

Hackers have worked hard at coming up with ways to exploit the Bluetooth protocol in order to gain access to endpoint devices and confidential data. And with the introduction of Bluetooth 5, they will be able to do that from a much greater distance and transfer data at twice the speed.

In the very near future, a hacker won’t even need to be just outside your office in order to scan your entire organization for an open Bluetooth connection to exploit. And once they find one, they’ll be able to use it to access your network and breach your data at twice the speed. At 2Mbps, by the time they’ve finished their latte at the Starbucks close to your office or from an unsecured parking lot, they could have easily downloaded all your confidential company data.

In fact, we covered this scenario in a previous blog post that analyzed some of the techniques used in the popular TV show, Mr. Robot, where the hacker exploited an open Bluetooth connection in a police cruiser’s laptop to gain access to a secure network. You can read the full blog post here: http://www.devicelock.com/blog/2809.html

So with Bluetooth 5 on the horizon, now is a good time to take a look your current environment and put solutions in place to reduce or even eliminate the risk that Bluetooth creates in your organization. The problem is already a threat that is shockingly under the radar and with Bluetooth 5 coming up, it’s going to get even worse.

Fortunately, our DeviceLock data leak prevention (DLP) solution allows you to block or limit Bluetooth access on your endpoint devices. It has the flexibility of allowing access to common Bluetooth Human Interface Devices like keyboards and mice while simultaneously blocking all other Bluetooth file and device traffic. DeviceLock enables organizations to continue utilizing the capabilities of Bluetooth for legitimate purposes, but mitigates the risk of a hacker exploiting Bluetooth to gain access to your network and data.

Although this blog post is focusing on Bluetooth, there are still other ways to get connected to an endpoint device such as infrared and even old legacy ports like serial and parallel. Most of us have probably forgotten about them, but hackers know they are still available on older computer endpoints (or on docking stations of laptops) and can use them as a way to infiltrate a Windows computer where they have physical or line-of-sight access. Because DeviceLock has been developing port security and data leak prevention software since 1995, we have a lot of experience in these legacy types of ports, and know how to lock them down as well.

You can’t stop progress, and there is no doubt that Bluetooth 5 is going to make a major impact on all kinds of devices in the very near future. As always, it’s important to be aware of both the positive aspects of the new technology, as well as the new security risks the technology will introduce.

If you'd like to learn more about DeviceLock, please call us at 925-231-4400 or email us.sales (at) devicelock.com and talk to one of our endpoint security specialists. You can also trial the DeviceLock DLP suite for 30 days by visiting our website at: http://www.devicelock.com/download